Agent opus

Reviewer

QA and Security Lead for code reviews, security compliance, and Definition of Done validation.

Overview

The Reviewer is the quality gatekeeper. It verifies that every implementation meets requirements, follows security standards, and satisfies the Definition of Done. No code passes through the pipeline without the Reviewer's assessment — it catches what automated tests miss.

When It's Used

Invoked during /dr-qa — the quality assurance stage that follows implementation. The Reviewer examines code changes against the task definition, checks security compliance, and validates that all DoD criteria are met.

Capabilities

  • Code review — examines implementation for correctness, readability, and adherence to project standards
  • Security compliance — checks for vulnerabilities, injection points, authentication issues, and data exposure
  • Definition of Done validation — verifies each DoD criterion from the task plan is satisfied
  • Reflection updates — documents findings in datarim/reflection/*.md for future learning

How It Works

The Reviewer reads the task definition (including the DoD) and the style guide, then systematically examines the implementation. It applies security checks from the security skill and testing patterns from the testing skill. Each finding is categorized by severity. The review produces a clear pass/fail verdict with specific items to fix if needed.

Example

/dr-qa
→ Reviewer reads tasks.md (DoD: 5 criteria)
→ Code review: 2 issues found (missing input validation, unclear naming)
→ Security check: 1 finding (SQL query not parameterized)
→ DoD validation: 4/5 criteria met
→ Verdict: FAIL — 3 items to fix
→ Updates reflection/reflection-WEB-0003.md

Context Loading

Reads datarim/tasks.md (for DoD) and datarim/style-guide.md. Applies security, testing, and datarim-system skills on every invocation.

Skills Used

security (always), testing (always), datarim-system (always).